In this tutorial, we’ll discuss how we can run the GUI applications in Linux as root. We’ll make use of the different utilities that come pre-installed with most Linux distributions such as gksu and sudo.
Furthermore, we’ll also cover PAM and the newer approach that uses the GVFS admin backend to access the local filesystem as root.
2. Running as Root in GUI Applications
We normally run GUI applications as a standard user without needing root access. However, there are certain applications that make changes to the system. For that, we require root access.
For instance, we can’t modify partitions or install system-level applications without having root access. Besides that, it’s also not recommended to run the entire graphical environment as a root user.
Therefore, we’ll have to run the GUI programs as root individually. For that purpose, there exist various utilities, which we’ll cover in the following sections.
3. Classic Approach With gksu
gksu is a GTK-based front-end for su and sudo. It’s not used in the newer Linux distributions. However, there are some distributions that use gksu as the default handler for opening GUI applications as root.
If gksu isn’t available on our Linux machine, we can install it from the official repositories using a package manager such as apt or yum.
On Ubuntu, it’s already pre-installed. However, on Ubuntu-based distributions we can install it using apt:
$ apt install gksu
Similarly, on Fedora, Fedora-based distributions, and RHEL, we can use yum:
$ yum install gksu
Once installed, we can go ahead and launch a GUI application using gksu from the command line:
$ gksu gedit /etc/fstab
Upon entering the command, we should see a prompt asking for our password:
Afterward, we can type in our password and use gedit as a root user.
Additionally, we configure gksu to use either sudo or su as a backend. We can run gksu as su using the –su-mode or -w option:
$ gksu --su-mode gparted
Similarly, we can use the –sudo-mode or -S to use gksu in sudo mode. As a side note, gksu on Ubuntu uses sudo as its default backend.
In the next sections, we’ll take a look at the other alternatives because gksu isn’t available on most modern Linux distributions.
PAM (Pluggable Authentication Modules) is a set of libraries used for service authentication on Linux. PAM makes it easier to authenticate users for certain tasks.
There are a lot of ways to authenticate users, such as display managers, ssh, ftpd, and login. We typically enter our credentials, such as username and password, credentials certificates, or fingerprint to let the system know that we are who we say we are.
However, it can become tedious to re-enter these credentials each time a user performs certain system activities. For that reason, we have PAM to handle these authentication checks.
4.1. Configuring PAM for su/sudo
The configuration files for PAM are located in the /etc/pam.d directory. In this directory, we’ll create a new file named su. Here, we’ll put su specific configuration to run GUI programs as root:
session optional pam_xauth.so
Now, we should be able to launch GUI programs from the command line as su:
$ su - Password: # gparted
This configuration is applicable to sudo as well.
4.2. The DISPLAY and XAUTHORITY Environment Variables
Sometimes, when running GUI applications as root, we’ll get the following error:
$ glxgears No protocol specified Error: couldn't open display :0
In this case, we’ll need to do two things if we’re using the X server:
- specify the $DISPLAY environment variable, which is usually :0
- provide proper authentication information through $XAUTHORITY, which defaults to ~/.Xauthority
Typically, these variables are set for our user, and sudo should set them for a new shell. So, everything should work fine:
$ env | grep -E "DISPLAY|XAUTHORITY" DISPLAY=:0 XAUTHRORITY=/home/hey/.Xauthority
However, if they default to a wrong value, then we’ll need to export these variables to point to proper values in our shell profile.
5. Running GUI Program as Another User Using sudo
Sometimes, we need to run a program as another. For instance, if we’re using Firefox as a user who is named “foo”, we’d need to specify it to the sudo command:
$ sudo -u foo -H firefox
- -u specifies the user
- -H sets the $HOME variable to the target user’s home directory
The above command has no issues whatsoever. However, we might get a familiar error that we discussed before:
No protocol specified Error: couldn't open display :0
The solution, in this case, is to simply add the user “foo” to the list of authorized access to the X server using xhost:
$ xhost si:localuser:foo
We should keep in mind that if our target user is “root”, then we’ll need to replace the username “foo” with “root”:
$ xhost si:localuser:root
6. Using the GVfs Admin Backend
The GVfs admin backend allows us to access the local filesystem as admin. So, it comes in handy when we need to modify system files.
For instance, if we need to edit the /etc/fstab file using gedit as root, we’ll specify the path prefixed with admin://:
$ gedit admin:///etc/fstab
The admin backend uses PolicyKit, which is an organized way for non-privileged processes to communicate with privileged ones.
In this article, we discussed the various ways to run GUI applications as root under Linux using gksu, sudo, and PAM. Additionally, we also learned how to run a GUI program as another root user.
Finally, we looked at the GVfs admin backend to edit system files using a graphical text editor.